CVE-2009-3701
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1)...
CVE-2009-3701
CVE-2009-3701 affects Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5. It enables remote XSS via PATH_INFO to admin/phpshell.php, admin/cmdshell.php, or admin/sqlshell.php, related to PHP_SELF. Impact is arbitrary script/HTM...
Horde 3.3.5 Cross Site Scripting
============================================= INTERNET SECURITY AUDITORS ALERT 2009-012 - Original release date: October 13th, 2009 - Last revised: December 16th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3701 - Severity: 6.3/10 CVSS Base Score...
PHD Help Desk v1.43 Multiple XSS
Exploit for unknown platform in category web applications ================================ PHD Help Desk v1.43 Multiple XSS ================================ Multiple XSS in PHD Help Desk v1.43 Name Multiple vulnerabilities in PHD Help Desk Systems Affected PHD Help Desk v1.43 and possibly earlier...
cpCommerce 1.2.x File Inclusion
!/usr/bin/perl cpCommerce 1.2.x GLOBALSprefix Arbitrary File Inclusion Exploit by staker mail: stakerathotmaildotit url: http://cpcommerce.cpradio.org it works with registerglobals=on if you wanna carry out a LFI - mq=off short explanation: cpCommerce contains one flaw that allows an attacker to...
CVE-2009-1578
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decryptheaders.php; (2) PHP_SELF; and (3) the que...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decryptheaders.php; (2) PHP_SELF; and (3) the que...
CVE-2009-1578
CVE-2009-1578 affects SquirrelMail < 1.4.18 and NaSMail
CVE-2009-1204
Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-listfilegallery.php, (3) tiki-listpages.php, and (4) tiki-orphanpages.php...
CVE-2009-1204
Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-listfilegallery.php, (3) tiki-listpages.php, and (4) tiki-orphanpages.php...
Flatnux 2009-01-27 - Remote File Inclusion
Flatnux 2009-01-27 - Remote File Inclusion @ flatnux Flatnux-2009-01-27 RFI zależności P + Alfons Luja + 2009 + grts : All friends VULN : +++ include/theme.php ... ?php if eregi"theme.php", $SERVER'PHPSELF' die; // 0 -- I dont give a fuck global $theme, $FNROOTPATH,$lang; //-- 1 global...
Flatnux 2009-01-27 Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ====================================================== Flatnux 2009-01-27 Remote File Inclusion Vulnerability ====================================================== @ flatnux Flatnux-2009-01-27 RFI zaleznosci P + Alfons Luja + 2009 + grts ...
RCBlog 1.03 - Authentication Bypass
Vendor: http://noahmedling.com Versions: RCBlog 1.03 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at https://www.push55.co.uk/index.php?s=ad&id=4 ---- By default, the application provides public access to the text file which stores the MD5 hashes of the...
Debian DSA-1693-2 : phppgadmin - several vulnerabilities
Several remote vulnerabilities have been discovered in phpPgAdmin, a tool to administrate PostgreSQL database over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2865 Cross-site scripting vulnerability allows remote attackers to inject...
Cross-Site Scripting vulnerability in CoBreeder
Hello 3APA3A! I am reporting a Cross-Site Scripting vulnerability that I found in the CoBreeder system. XSS: http://site/22style=22xss:expressionalertdocument.cookie22/ Variant for IE, also possible in all browsers via onMouseOver, for sites on PHP = 5.2.4...
Discuz! database error message XSS bug
In the file include\dbmysqlerror.inc.php, the code: if$message $errmsg = "bDiscuz! info/b: $message\n\n"; ifisset$GLOBALS'DSESSION''discuzuser' $errmsg .= "bUser/b: ".htmlspecialchars$GLOBALS'DSESSION''discuzuser'."\n"; $errmsg .= "bTime/b: ".gmdate"Y-n-j g:ia", $timestamp + $GLOBALS'timeoffset' 3600."\n"; $errm...
CVE-2008-4763
Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable...
CVE-2008-4763
Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable...
WebSVN <= 2.0 (XSS/FH/CE) Multiple Remote Vulnerabilities
No description provided by source. WebSVN <= 2.0 Multiple Vulnerabilities October 20, 2008 Vendor : Tim Armes URL : http://websvn.tigris.org Version : WebSVN <= 2.0 Risk : Multiple Vulnerabilities Description: WebSVN is an online SVN repository viewer. The description taken from the project website...